<?php
 
/*
 * OIDplus 2.0
 * Copyright 2019 - 2023 Daniel Marschall, ViaThinkSoft
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 
// ATTENTION: If you change something, please make sure that the changes
//            are synchronous with OIDplusPageAdminAutomatedAJAXCalls

namespace ViaThinkSoft\OIDplus;

// phpcs:disable PSR1.Files.SideEffects
// Refuse direct web access: this file is only meaningful when it is loaded by
// the OIDplus bootstrap, which is what defines INSIDE_OIDPLUS.
if (!\defined('INSIDE_OIDPLUS')) {
	die;
}
// phpcs:enable PSR1.Files.SideEffects
 
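/**
 * RA page plugin "Automated AJAX calls".
 *
 * Shows a logged-in RA (or the admin) the JWT that lets scripts call ajax.php
 * on behalf of that RA, offers client examples in several languages, and lets
 * the RA blacklist every token issued so far. The admin counterpart is
 * OIDplusPageAdminAutomatedAJAXCalls; keep both in sync.
 */
class OIDplusPageRaAutomatedAJAXCalls extends OIDplusPagePluginRa {

	/**
	 * Ensures that the caller is logged in as the RA identified by $ra_email,
	 * or as administrator.
	 *
	 * @param string $ra_email E-mail address of the RA whose tokens are managed
	 * @param string|null $title Page title passed to the exception (null in the AJAX context)
	 * @return void
	 * @throws OIDplusHtmlException with HTTP status 401 when neither login is present.
	 *         It is an HTML exception because the message carries a login link.
	 */
	private function requireRaOrAdminLogin(string $ra_email, ?string $title) {
		if (!OIDplus::authUtils()->isRaLoggedIn($ra_email) && !OIDplus::authUtils()->isAdminLoggedIn()) {
			throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as the requested RA %2 or as admin.',OIDplus::gui()->link('oidplus:login$ra$'.$ra_email),'<b>'.htmlentities($ra_email).'</b>'), $title, 401);
		}
	}

	/**
	 * Renders one "example client" section: a heading, the example source with
	 * the <url> and <token> placeholders substituted, and a copy-to-clipboard button.
	 *
	 * @param string $title Already translated heading
	 * @param string $filename File name inside this plugin's examples/ directory
	 * @param string $elementId DOM id of the <pre> element (passed to copyToClipboard)
	 * @param string $ajaxUrl Absolute URL of ajax.php
	 * @param string $token The RA's JWT. It ends up inside the page, so the whole
	 *                      example is HTML-escaped (htmlentities or highlight_string)
	 * @param bool $highlightPhp true: render with highlight_string() (which escapes HTML itself)
	 *                           and strip its <br> tags; false: plain htmlentities()
	 * @return string HTML fragment
	 * @throws OIDplusException if the example file is missing or unreadable
	 */
	private function renderExample(string $title, string $filename, string $elementId, string $ajaxUrl, string $token, bool $highlightPhp = false): string {
		$path = __DIR__.'/examples/'.$filename;
		// is_file() first so that a missing example does not emit a PHP warning;
		// only the bare file name goes into the message, not the server path.
		$cont = is_file($path) ? file_get_contents($path) : false;
		if ($cont === false) {
			throw new OIDplusException(_L('Example file %1 could not be read.', $filename));
		}

		// Replacements are applied in order: first <url>, then <token>.
		$cont = str_replace(array('<url>', '<token>'), array($ajaxUrl, $token), $cont);

		if ($highlightPhp) {
			$pre = preg_replace("@<br.*>@ismU", "", highlight_string($cont, true));
		} else {
			$pre = htmlentities($cont);
		}

		$html  = '<h2>'.$title.'</h2>';
		$html .= '<pre id="'.$elementId.'">'.$pre.'</pre>';
		$html .= '<p><input type="button" value="'._L('Copy to clipboard').'" onClick="copyToClipboard('.$elementId.')"></p>';
		return $html;
	}

	/**
	 * AJAX action "blacklistJWT": invalidates every AJAX token issued so far for
	 * the RA given in $params['user'].
	 *
	 * @param array $params Request parameters; 'user' (RA e-mail) is mandatory
	 * @return array {"status": 0} on success
	 * @throws OIDplusException if the feature is disabled or 'user' is missing
	 * @throws OIDplusHtmlException (401) if the caller is neither that RA nor admin
	 */
	private function action_Blacklist(array $params): array {
		if (!OIDplus::baseConfig()->getValue('JWT_ALLOW_AJAX_USER', true)) {
			throw new OIDplusException(_L('The administrator has disabled this feature. (Base configuration setting %1).','JWT_ALLOW_AJAX_USER'));
		}

		_CheckParamExists($params, 'user');
		$ra_email = $params['user'];

		// The caller may only revoke tokens of the RA they are logged in as (or be admin).
		$this->requireRaOrAdminLogin($ra_email, null);

		// The blacklist is keyed by generator and subject (the RA's e-mail).
		OIDplusAuthContentStoreJWT::jwtBlacklist(OIDplusAuthContentStoreJWT::JWT_GENERATOR_AJAX, $ra_email);

		return array("status" => 0);
	}

	/**
	 * Dispatches AJAX actions of this plugin; everything else goes to the parent.
	 *
	 * @param string $actionID
	 * @param array $params
	 * @return array
	 * @throws OIDplusException
	 */
	public function action(string $actionID, array $params): array {
		if ($actionID === 'blacklistJWT') {
			return $this->action_Blacklist($params);
		}
		return parent::action($actionID, $params);
	}

	/**
	 * Renders the page "oidplus:automated_ajax_information_ra$<ra_email>".
	 *
	 * @param string $id Page id; the part after '$' is the RA e-mail
	 * @param array $out Output: 'title', 'icon' and 'text' (HTML) are set/appended
	 * @param bool $handled Set to true when this plugin handled $id
	 * @return void
	 * @throws OIDplusHtmlException (401) if the caller is neither the RA nor admin
	 * @throws OIDplusException if the feature is disabled or an example file is unreadable
	 */
	public function gui(string $id, array &$out, bool &$handled) {
		$parts = explode('$', $id, 2);
		$ra_email = $parts[1] ?? '';

		if ($parts[0] !== 'oidplus:automated_ajax_information_ra') return;
		$handled = true;

		$out['title'] = _L('Automated AJAX calls');
		$out['icon'] = file_exists(__DIR__.'/img/main_icon.png') ? OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon.png' : '';

		// The 401 is raised before the feature flag is inspected, so an
		// anonymous visitor is not told whether the feature is enabled.
		$this->requireRaOrAdminLogin($ra_email, $out['title']);

		if (!OIDplus::baseConfig()->getValue('JWT_ALLOW_AJAX_USER', true)) {
			throw new OIDplusException(_L('The administrator has disabled this feature. (Base configuration setting %1).','JWT_ALLOW_AJAX_USER'), $out['title']);
		}

		$gen = OIDplusAuthContentStoreJWT::JWT_GENERATOR_AJAX;
		$sub = $ra_email;
		$ajaxUrl = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL).'ajax.php';

		// The token performs the login for automated requests, i.e. it is a bearer
		// secret. It is only ever written into the page HTML-escaped.
		$token = OIDplusAuthContentStoreJWT::craftJWT([$sub], false, $gen);

		$out['text'] .= '<p>'._L('You can make automated calls to your OIDplus account by calling the AJAX API.').'</p>';
		$out['text'] .= '<p>'._L('The URL for the AJAX script is:').'</p>';
		$out['text'] .= '<p><b>'.$ajaxUrl.'</b></p>';
		$out['text'] .= '<p>'._L('You must at least provide following fields:').'</p>';
		$out['text'] .= '<p><pre id="oidplus_auth_jwt">';
		$out['text'] .= htmlentities(OIDplusAuthContentStoreJWT::COOKIE_NAME).' = "'.htmlentities($token).'"'."\n";
		$out['text'] .= '</pre></p>';
		$out['text'] .= '<p><input type="button" value="'._L('Copy to clipboard').'" onClick="copyToClipboard(oidplus_auth_jwt)"></p>';
		$out['text'] .= '<p>'._L('Please keep this information confidential!').'</p>';
		$out['text'] .= '<p>'._L('The JWT-token (secret!) will automatically perform a login to fulfill the request. The other fields are the normal fields which are called during the usual operation of OIDplus.').'</p>';
		$out['text'] .= '<p>'._L('Currently, there is no documentation for the AJAX calls. However, you can look at the <b>script.js</b> files of the plugins to see the field names being used. You can also enable network analysis in your web browser debugger (F12) to see the request headers sent to the server during the operation of OIDplus.').'</p>';

		$out['text'] .= '<h2>'._L('Blacklisted tokens').'</h2>';
		// 0 means "nothing blacklisted"; otherwise a Unix timestamp (it is fed to date() below).
		$bl_time = (int)OIDplusAuthContentStoreJWT::jwtGetBlacklistTime($gen, $sub);
		if ($bl_time === 0) {
			$out['text'] .= '<p>'._L('None of the previously generated JWT tokens have been blacklisted.').'</p>';
		} else {
			$out['text'] .= '<p>'._L('All tokens generated before %1 have been blacklisted.',date('d F Y, H:i:s',$bl_time+1)).'</p>';
		}
		// js_escape() produces a JS string literal, so the e-mail cannot break out of the onclick handler.
		$out['text'] .= '<button type="button" name="btn_blacklist_jwt" id="btn_blacklist_jwt" class="btn btn-danger btn-xs" onclick="OIDplusPageRaAutomatedAJAXCalls.blacklistJWT('.js_escape($ra_email).')">'._L('Blacklist all previously generated tokens').'</button>';

		$out['text'] .= $this->renderExample(_L('Example for adding OID 2.999.123 using JavaScript'), 'example_js.html', 'example_js', $ajaxUrl, $token);
		$out['text'] .= $this->renderExample(_L('Example for adding OID 2.999.123 using PHP (located at a foreign server)'), 'example_php.phps', 'example_php', $ajaxUrl, $token, true /* PHP syntax highlighting */);
		$out['text'] .= $this->renderExample(_L('Example for adding OID 2.999.123 using Python'), 'example_python.py', 'example_python', $ajaxUrl, $token);
		$out['text'] .= $this->renderExample(_L('Example for adding OID 2.999.123 using VBScript'), 'example_vbs.vbs', 'example_vbs', $ajaxUrl, $token);
	}

	/**
	 * Adds the "Automated AJAX calls" node to the RA's tree, if the caller is
	 * allowed to see it.
	 *
	 * @param array $json Tree nodes (appended to)
	 * @param string|null $ra_email RA whose tree is being built; null/empty = no RA context
	 * @param bool $nonjs Unused here (part of the plugin interface)
	 * @param string $req_goto Unused here (part of the plugin interface)
	 * @return bool true if a node was added
	 * @throws OIDplusException
	 */
	public function tree(array &$json, ?string $ra_email=null, bool $nonjs=false, string $req_goto=''): bool {
		if (!$ra_email) return false; // null or '' -> no RA context
		// Only the RA themselves or the admin get the node; gui() enforces this again on access.
		if (!OIDplus::authUtils()->isRaLoggedIn($ra_email) && !OIDplus::authUtils()->isAdminLoggedIn()) return false;

		if (file_exists(__DIR__.'/img/main_icon16.png')) {
			$tree_icon = OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon16.png';
		} else {
			$tree_icon = null; // default icon (folder)
		}

		$json[] = array(
			'id' => 'oidplus:automated_ajax_information_ra$'.$ra_email,
			'icon' => $tree_icon,
			'text' => _L('Automated AJAX calls')
		);

		return true;
	}

	/**
	 * This plugin contributes nothing to the tree search.
	 *
	 * @param string $request
	 * @return array|false Always false
	 */
	public function tree_search(string $request) {
		return false;
	}
}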